CVE-2002-1289

Currently unrated

Key Information:

Vendor: Microsoft
Status: Java Virtual Machine
Vendor: CVE Published:; 29 November 2002

Summary

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.

References

http://marc.info/?l=ntbugtraq&m=103684360031565&w=2

mailing-listx_refsource_NTBUGTRAQ

http://www.iss.net/security_center/static/10582.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/6140

vdb-entryx_refsource_BID

EPSS Score

4% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 29, 2002
Vulnerability Reserved
Nov 13, 2002

Collectors

NVD DatabaseMitre Database